Skip to content
Privacy policy

How we handle personal data.

We treat the data you share with us — name, work email, company, role, message — the same way we expect customers to treat the data their users share with them: scoped to purpose, retained no longer than needed, never sold.

Plain-language summary, full policy below. The full legal version of this policy is in preparation with counsel. The principles in this document are the ones we operate under today, in good faith and in line with GDPR / CCPA expectations. Customers with active or in-progress agreements receive the full DPA on request — request the DPA pack.

What we collect

From visitors (anyone reading this page): standard server logs (IP address, user agent, referrer, requested URL) for operational and security purposes. No third-party tracking pixels. No advertising cookies.

From prospects (people who submit the contact form): the fields you enter — name, work email, company, role, your selected intent, your message. This data is sent to our team via Resend and stored in our internal CRM for the purpose of replying to you.

From customers (people using the product at app.virtuethreatx.com): see the in-product privacy notice and your signed DPA. The marketing site itself does not collect product data.

What we don't do

  • We do not sell your data to anyone.
  • We do not share your contact details with third parties outside of the named sub-processors on the Trust Center.
  • We do not run ad-tracking pixels (Meta, Google Ads, LinkedIn Insight, etc.).
  • We do not run third-party analytics that fingerprint visitors.

Sub-processors

Vendors that touch personal data are enumerated on the Trust Center sub-processor table. Today: Cloudflare (edge hosting) and Resend (transactional email). Customers receive 30 days notice before any new sub-processor is engaged.

Retention

Contact-form submissions are retained for the duration of the inquiry plus a reasonable follow-up window — typically 18 months. Server logs are retained for 30 days for operational and security review. Customers can request deletion of their personal data at any time by emailing privacy@virtuethreatx.com.

Your rights

If you are in the EU, UK, California, or another jurisdiction with personal-data regulations, you have the right to access, correct, delete, port, or object to processing of your personal data. Email privacy@virtuethreatx.com and we will respond within the timeframe required by the applicable regulation (typically 30 days).

Data residency

Marketing-site data is processed in the regions our sub-processors operate. For customer data (in-product), data residency choice is available — EU or US — and other regions on request for enterprise customers. See Trust Center for details.

Contact

Privacy questions: privacy@virtuethreatx.com
Security disclosures: security@virtuethreatx.com (RFC 9116 contact at /.well-known/security.txt)
General: info@virtuethreatx.com

Updates

This policy is in active maintenance. Material changes will be announced via our blog and to active customers via direct email. Last updated 2026-05-25.

Questions about how we handle data?

Email privacy@virtuethreatx.com or request the full DPA pack.

Request DPA pack Trust Center